Botnets that target Internet of Things (IoT) devices are neither new nor rare, with the infamous Mirai perhaps being the most popular example. However, a new botnet dubbed “Hide ‘N Seek”, or HNS, is seemingly one of the first—along with the Hajime botnet—to use custom built peer-to-peer (P2P) communication for its infrastructure. The botnet has affected over 24,000 devices, including devices in the U.S. and Asia, as of the time of publication.

First discovered by researchers in early January, HNS compromises machines via a worm-like mechanism, which creates a random list of IP addresses for its potential victims. Compromising a device will allow HNS to perform a variety of commands, similar to a P2P protocol, that include data exfiltration, code execution and device operation interference. It can also target devices via the same web exploitation capabilities seen in the Reaper botnet. To prevent a third party from hijacking or poisoning it, HNS comes with multiple anti-tampering techniques.

An interesting characteristic of HNS is that it does not possess a Distributed Denial of Service (DDoS) function seen in other IoT botnets. However, it does come with a file theft component—unusual in IoT botnets—that adds elements of cyber-espionage to the botnet.

Like other IoT botnets, HNS lacks persistence—each reboot effectively purges it from the device. Botnets like HNS are characterized by their ability to spread quickly and effectively, infecting thousands, if not millions of devices in a short span of time. These botnets are also constantly evolving, adding new capabilities and features that make them more effective.

Fortunately, users can protect themselves from IoT-based threats without having to resort to complicated methods. Changing the device’s default password with a stronger one—preferably using at least 15 characters, with both uppercase and lowercase letters, numbers, and special characters—can make it more difficult for botnets to access the device's interface.

Users should also regularly check for any available updates for their device, as these can address security flaws and vulnerabilities that botnets can use as an entry point into the system or device.

In addition to the best practices mentioned above, users can look into solutions such as Trend Micro™ Security and Trend Micro Internet Security, which offer effective protection for threat’s to IoT devices using security features that can detect malware at the endpoint level. Connected devices are protected by security solutions such as Trend Micro Home Network Security, which can check internet traffic between the router and all connected devices. In addition, enterprises can monitor all ports and network protocols to detect advanced threats and protect from targeted attacks via Trend Micro™ Deep Discovery™ Inspector.

2017 MIDYEAR SECURITY ROUNDUP

2018 SECURITY PREDICTIONS

Today's increasingly interconnected environments pave the way for threats that will bank on systems' weaknesses for different forms of cybercrime. How can you prepare for the year ahead?View the 2018 Security Predictions